[llvm-bugs] [Bug 139128] [sanitizer] "src:*=sanitize" does not work for UBSan

Thu, 08 May 2025 11:52:26 -0700

Issue 139128
Summary [sanitizer] "src:*=sanitize" does not work for UBSan
Labels new issue
Assignees qinkunbao
Reporter qinkunbao 
    According to the [UBSan doc](https://clang.llvm.org/docs/SanitizerSpecialCaseList.html#id4), UBSan's `=sanitize` category enables an allowlist approach to instrumentation files/types. Instead of the default behavior of instrumenting all files, users can selectively enable instrumentation for specific files while disabling it for all others. This provides a fine-grained control over which parts of the code are ubstrumented by UBSan.

However, it looks like the current implementation only support the `type:*=sanitize`. Consider the following example. 

```
$ tree .
.
├── allowlist.txt
├── lib1
│   └── foo.c
├── lib2
│   └── bar.c
└── main.c

3 directories, 4 files

$ cat main.c
extern void foo();
extern void bar();
int main() {
  foo();
  bar();
  return 0;
}

$ cat ./lib1/foo.c
#include <stdio.h>

void foo() {
  int k = 0x7fffffff;
  int r = k + 10;
  printf("call from foo: %d\n", r);
}

$ cat ./lib2/bar.c
#include <stdio.h>

void bar() {
  int k = 0x7fffffff;
  int r = k + 1;
  printf("call from bar: %d\n", r);
}

```

Build the example with `-fsanitize=undefined`.

```
$ clang -fsanitize=undefined  main.c ./lib1/foo.c ./lib2/bar.c -o san
$ ./san
lib1/foo.c:5:13: runtime error: signed integer overflow: 2147483647 + 10 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib1/foo.c:5:13
call from foo: -2147483639
lib2/bar.c:5:13: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib2/bar.c:5:13
call from bar: -2147483648
Hello world
```

Build the example with `-fsanitize=undefined -fsanitize-ignorelist=allowlist.txt`.

```
$ cat allowlist.txt
src:*
src:lib2/*=sanitize

$ clang -fsanitize=undefined -fsanitize-ignorelist=allowlist.txt main.c ./lib1/foo.c ./lib2/bar.c -o san_allowlist
$ ./san_allowlist
call from foo: -2147483639
call from bar: -2147483648 
Hello world
```
Given `lib2/bar.c` is in the allowlist, I expect the integer overflow bug inside `bar` should be caught by `UBSan`.

After searching the existing LLVM repo, I don't find any tests that cover the case `src:*=sanitize`. Maybe it is a feature that has not been implemented.

_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to